Saturday, January 11, 2014

ForSec News SuperPost

I’m really embarrassed I let this collection of ForSec posts grow this large. There really aren’t any good excuses.


If it were any other weekend, I might take the time to break them down into a series of smaller posts, but the weather is super-nice after our recent Gulf-Coast hard-freeze and I really want to get outside and play for a bit.

So either set aside a lot of time before you get started, get a nice beverage handy, or just bookmark the monster that it is and come back when the weather outside is frightful.

Seriously, it’s that big but the material posted is also that good.

Warm Up Exercises

Practical Cyber Security Training Techniques for New IT Support Employees - (PDF link) - SANS Reading Room paper.

(IN)SECURE Magazine - Issue 40 (December 2013) released, including these topics:

  • Testing anti-malware products
  • Using Tshark for malware detection
  • 5 questions for the head of a malware research team
  • Malware analysis on a shoestring budget
  • Report: Virus Bulletin 2013
  • Digital ship pirates: Researchers crack vessel tracking system
  • Exploring the challenges of malware analysis
  • Evading file-based sandboxes

Doing things faster - Hexacorn blog - nice summary of personal tools and techniques used to improve your IT workflow.

Hacked Via RDP: Really Dumb Passwords — Krebs on Security

All About the Windows AutoRun

The ISC Diary has been running a series of posts on Windows auto-run techniques.

These reminded me of a very long-running series of related (and highly-detailed) posts over at the Hexacorn blog that started back in 2012 with the most recent (Part 6) posted yesterday.

Well worth bookmarking for reading and refreshing.

Blog Posts from the Forensic Experts

Holidays and crazy winter weather haven’t slowed the blogging production of these masters of the forsec world.

Speaking of RegRipper…

Moving down the road a bit

And over in the factory

And one last interesting post…

Case Studies

Sharpen your saw on these fascinating breakdowns of malware and incident responses.

Speaking of malware analysis, I recently found a new (to me) blog that has some great analysis posts.

The posts are quite detailed and richly illustrated. Definitely worth checking out and adding to your RSS feed pile as I have done.

Meanwhile, over at the Open Security Research blog, a new series has been started on using the debugging tool WinDBG.

WinFE News

It has been forever since I last built my WinFE. I’m hoping to update it by walking through a fresh build in the next month or so. Brett Shavers’ blog site is rich with great tips, tools, and documentation that make rolling your own (stock or custom) WinFE package a piece of cake.

More ForSec LiveCD News

Back when I started blogging a lifetime ago, there were really just less than a single handful of useful forensic-focused LiveCD builds available. Most have disappeared, but luckily a wealth of others have sprung up to take their place. It’s all I can do to stay on top of all the updates and releases of my favorites.

Hackage & Pwnage (and other almost depressing news of late for consumers and from the thin front line)

Like just about every American, we woke up to very bad news around Christmastime with the announcement that Target had been seriously breached. The post-mortem work appears to be silently continuing, but the news has been saturated with corporate data and account breaches lately. We are still waiting for our replacement cards to come in. What a drag, but a small price to pay. It seems like things are getting worse, but what is discouraging is that these are probably the only ones mainstream media is focusing on and people are paying attention to. These smaller breaches occur daily at businesses large and small. My only hope is that not only will excellent forensic analysis lead to applicable lessons learned to improve things (if actually deployed) but that the public will understand the sharper and narrower razor’s edge we seem to be walking down with our personal data and the dependency of data security. Of course this whole “NSA” backdrop is another fine mess, but I’ll leave that for another day.

First the bad news recorded here for posterity.

And woe the consumer…

…and what about those SnapChat users?

Of course if you try to do the right thing…expect possible whack-a-mole response to your head…

Talk about frustrating…

Have I been pwned?

Meanwhile, leave it to an Aussie to continue to fight the good fight for consumer security.

Have I been pwned? -  Check if your email has been compromised in a data breach

It’s not only a great way to stay personally informed about any security breaches but it’s a good way to show non-technical family and friends this really does impact them. Family and friends may shake their heads at the news stories, but when you have them type one of their email addresses into here and it (unfortunately) shows up…it becomes much more personal.

A few odds-and-ends in closing…

Just some odds and ends I’ve found these past weeks.

Avira PC Cleaner – a second opinion scanner - Avira – TechBlog. Spotted via this BetaNews blog post, Avira reveals stand-alone Avira PC Cleaner.

FBCacheView - NirSoft - Shows Facebook images stored in the cache of your Web browser

Security Essentials for Windows XP will die when the OS does - Ars Technica - Really? Like anybody was surprised by this news.


--Claus Valca
